Internal Launch Industries documentation. Do not share outside the team.
Launch Playbook
10. Risk Management

Risk Management & Strategic Implications

In contract-funded work, "Risk" is defined as Non-Compliance. If we fail to comply with federal or state regulations, Launch Industries can be liable for repayment of funds (Clawback). This module connects the daily operational tasks to these high-level risks.

10.1 Financial Risk & The "Time and Effort" Standard

The Context:

The Regulation: 2 CFR 200.430 (Compensation – Personal Services).

Federal contracts/grants require that salary charges be supported by records that "accurately reflect the work performed."

The Risk:

If a consultant logs 5 hours as "Consulting" without detail, an auditor can disallow those costs. Launch Industries would have to pay that money back.

The SOP Mitigation:

  • Detailed Logs: Harvest entries turn into detailed reports provided to clients to substantiate the money they have spent. They must answer questions such as: What was done? Who was it for? What was the outcome?
  • Example: "Review of Q3 P&L statement with owner to identify expense variances; updated cash flow model."
  • No "Budget Estimates": Consultants must log actual time, not estimated time. Logging "2 hours" every week consistently looks fraudulent. We expect to see variable time logs (e.g., 00:52 minutes, 00:27 minutes, 00:04 minutes, 01:35, etc.)

10.2 Data Security & Privacy Risk

The Context: We handle sensitive data (EINs, Social Security Numbers, Bank Details).

The Risk:

Data breaches or "Loose Files" (such as notes, in Photos, Google Docs, Google Sheets, etc.) containing PII (Personally Identifiable Information).

The SOP Mitigation:

  • 1Password Protocol: Passwords are never emailed or Slacked unencrypted. They are shared via 1Password vaults.
  • No Local Files Policy: Staff should not store participant or client files on their local desktop. All work must be done within the Google Drive environment.
  • Offboarding Kill Switch: Access revocation must happen simultaneously with any staff termination. A disgruntled ex-consultant with access to the CRM is a catastrophic risk.

10.3 Strategic Risk: "Double Billing" & Contract Overlap

The Context:

Often, Launch Industries manages multiple contracts (e.g., State Contract and City Contract).

The Risk:

Charging the same hour of work to two different contracts. This is fraud.

The SOP Mitigation:

  • Distinct Harvest Projects: Even if the participant or client is the same, if the funding source changes, a NEW Harvest project must be created.
  • Split Billing: If a deliverable being worked on is necessary for two or more clients or participants at the same time (and has been requested by both), it is permissible to split the time between multiple Harvest projects. Discuss with General Manager (Monica) for context if a potential opportunity to do so arises.
  • The "Toggle" Check: Consultants must be trained to verify which bucket they are billing before starting the timer. The Team Lead reviews this during the Friday Audit.
9. Technical Assistance Lifecycle11. Conclusion